To allow executable files to run from local
folders and external media and allow child processes initiated from parent
processes in a specific folder, you can configure a global whitelist.
Similar to the existing whitelist functionality for Java processes,
unsigned executable files, and Thread Injection, you can specify
full paths and path variables and can also use wildcards for pattern
to match similar terms and
match any characters).
Items in the whitelist section also
take precedence over any blacklisted items and are evaluated first
in the security policy.
To specify whether Traps blocks an executable file that
it is opened from a location not included in the whitelist or that
is younger than the block period, configure the
one of the following:
—Do not block
access to executable files and processes but log when files that
are opened from locations not included in the whitelist and report
those events to the ESM.
—Block executable files
To specify whether Traps should notify the user when
an executable file is opened from a location not included in the
whitelist, configure the
of the following:
—Notify the user.
—Do not notify the user.
Click the add folder icon
next to the whitelist
area for Local Folder, Child Process, or Media Control and enter
the full path or partial path. For example,
Whitelists also support wildcards and environmental
variables, such as